NSX-T: Clear NSX-T DNS Forwarder Cache
[ Update: NSX-T ingests negative SOA TTL from myDNS server in this example. Microsoft DNS defaults this to 1 hour. So NSX-T will cache the negative result for an hour. To combat this behavior, you can set your source DNS server to a lower TTL so that cache in NSX-T clear quicker. Valid records in this setup will still cache for 1 hour or whatever you have your DNS server set to.] To determine TTL value for the negative record: nslookup -type=a -nosearch -d2 brokenaka.ninja.corp Summary: Ran into an interesting behavior w/ NSX-T's DNS forwarder service. Basically, if I queried for an invalid DNS name, NSX-T's DNS caching appears to capture that invalid query for an undetermined amount of time. So what does this do? Basically, if I queried for ninja.naka.corp w/o creating the entry on my DNS server, NSX-T caches that invalid record. If I then registered ninja.naka.corp on my DNS server, NSX-T will continue to tell me that the record is invalid even thou...